koobas.hobune.stream
X.509 certificate exception "~isn't signed" but it really is signed
Hi, everyone!
Could you please check this question? https://stackoverflow.com/questions/48419314/x-509-certificates-exception-aws-iot I'm trying to connect to AWS IoT MQTT broker with X.509 certificates and I get an exception saying CryptographicException.
public AWSMqttManager()
{
//pfx fileName and password
var clientCert = new X509Certificate2("C:\\Users\\UNO\\Desktop\\...\\ttc20.pfx", "ttc20");
var caCert = X509Certificate.CreateFromSignedFile("C:\\Users\\UNO\\Desktop\\...\\VeriSign-Class 3-Public-Primary-Certification-Authority-G5.pem");
client = new MqttClient(IotEndpoint, BrokerPort, true, caCert, clientCert, MqttSslProtocols.TLSv1_2);
client.Connect("TTC-20");
}
CryptographicException: C:\Users\UNO\Desktop\...\VeriSign-Class 3-Public-Primary-Certification-Authority-G5.pem isn't signed.
System.Security.Cryptography.X509Certificates.X509Certificate.CreateFromSignedFile (System.String filename) (at <9c9f068c46c64ffd91fda7af157b4d15>:0)
but the funny thing is the same code exactly works very well in pure c# project. That exception only occurs if I port that part of c# code onto unity project. Also the files (.pfx, .pem) do work for sure because I tested with MQTT.fx. They are fine.
Please help me a little bit! Thanks in advance!
I am also experiencing errors like you, do not know you have found a solution yet? sorry for the trouble if you bother.
@$$anonymous$$usma @Giangpth Hey guys, I just run into exact same issue (2 yeas later :C ), no problem while running this code in .NET Core app but when doing the same in Unity, I get "certificate isn't signed" exception. it seems like .NET Framework (that's what unity is using I guess) X509Certificate implementation is somehow corrupted. The code looks the same because of common .NET Standard but underneath, it seems to be quite different. Unfortunately, $$anonymous$$icrosoft docs do not say anything about changes in logic of X509Certificate methods between different versions of .NET (same documentation for all of them), so it's probably a bug. If anyone finds a solution for this problem, please let me know.
After couple trials and errors I found the solution.
Replace this:
var caCert = X509Certificate.CreateFromSignedFile("C:\\Users\\UNO\\Desktop\\...\\VeriSign-Class 3-Public-Primary-Certification-Authority-G5.pem");
with this:
var caCert = new X509Certificate("C:\\Users\\UNO\\Desktop\\...\\VeriSign-Class 3-Public-Primary-Certification-Authority-G5.pem");
